Poster
I was stupid and tried to install Nod32, thinking that a working version had finally been released, so now, as my antivirus protection was nonexistent, I've just had an attack:
Ad-Aware & Spybot (both updated) can't remove the shit (something named isearch hijacking)
Norton Corp 8.1 neither (updated)
and neither can Microsoft AntiSpyware (updated)
That shit destroyed my Windows firewall, fucked up my Firefox, put a search bar on my desktop, slowed down my computer, & pooped some icons on my desktop.
What should I do?
03-29-2005, 08:47 PM
Software & Hardware -
#2
╚════╩═╬════╝
remove any weird items from your startup - use this http://www.windowsstartup.com/download.php or something else
kill any weird processes from Task Manager (Ctrl+Alt+Delete)
then run spyware again
also
hijackthis log - download here http://www.majorgeeks.com/download3155.html
03-29-2005, 09:13 PM
#3
Poster
03-29-2005, 09:17 PM
#4
woowoo
post the hijackthis! log or have it analyzed here: www.hijackthis.de
03-29-2005, 09:26 PM
#5
Poster
Logfile of HijackThis v1.99.1
Scan saved at 23:20:32, on 29/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\0\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\fp4403hqe.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
03-29-2005, 09:36 PM
#6
Poster
So I've downloaded HijackThis, had it analyse my computer, and had the log file analysed, so I get this (see image enclosed).
I can't remove the shit from the Windows Task Manager, nor with the "Startup Inspector for Windows" 15 percent told me.
Attached Images
03-29-2005, 10:01 PM
#7
Poster
I've never seen something like this, even with Run -> msconfig, it doesn't work!!!
03-29-2005, 10:05 PM
#8
03-29-2005, 10:22 PM
#9
L33T Member
Boot into safe mode and try to remove all that shit with your spyware apps. It might work, it may not.
03-29-2005, 10:24 PM
#10
╚════╩═╬════╝
open your hosts file with Notepad
the hosts file is here (it is simply a file called "hosts"):
Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98\ME = C:\WINDOWS
delete these lines
69.20.16.183 search.netscape.com
69.20.16.183 ieautosearch
69.20.16.183 auto.search.msn.com
and save.
Last edited by 100%; 03-29-2005 at 10:32 PM .
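The hosts-file cleanup described in post #10, as an added example that is not part of the original thread: it reads the O1 lines of a HijackThis log and drops exactly those mappings from hosts-file text, leaving comments and other entries alone. The function names and the sample hosts content are assumptions made for illustration; the O1 lines are the ones posted in the log above.

```python
import re
# HijackThis lists hosts-file entries as "O1 - Hosts: <ip> <name>".
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

def o1_entries(log_text):
    """Return the set of (ip, hostname) pairs found in a log's O1 lines."""
    pairs = set()
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            pairs.add((m.group(1), m.group(2).lower()))
    return pairs

def clean_hosts(hosts_text, flagged):
    """Drop flagged mappings from hosts text; return (new_text, removed_lines)."""
    kept, removed = [], []
    for line in hosts_text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) < 2:          # blank line or comment only: keep as is
            kept.append(line)
            continue
        ip, names = fields[0], fields[1:]
        good = [n for n in names if (ip, n.lower()) not in flagged]
        if len(good) == len(names):  # nothing flagged on this line
            kept.append(line)
            continue
        removed.append(line)
        if good:                     # keep unflagged names that shared the line
            tail = " " + sep + comment if sep else ""
            kept.append(" ".join([ip] + good) + tail)
    return "\n".join(kept) + "\n", removed

# O1 lines as posted in the thread; the hosts content is constructed.
SAMPLE_LOG = """\
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
"""
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
69.20.16.183 search.netscape.com
69.20.16.183 ieautosearch
69.20.16.183 auto.search.msn.com
"""
if __name__ == "__main__":
    new_text, removed = clean_hosts(SAMPLE_HOSTS, o1_entries(SAMPLE_LOG))
    print(new_text, "removed:", removed, sep="\n")
```

The functions only transform text, so the result can be reviewed before the real hosts file is overwritten; keep a backup copy of the original file.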